Unrated severityNVD Advisory· Published Feb 6, 2026· Updated Feb 6, 2026

Reflected Cross-Site Scripting in PDF Export Error Message

CVE-2026-0521

Description

A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.

This issue was verified in MAP+: 3.4.0.

Affected products

TYDAC AG/MAP+llm-create
Range: = 3.4.0
TYDAC AG/MAP+v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redguard.ch/blog/2026/02/05/advisory-tydac-mapplus/mitrethird-party-advisorytechnical-description
www.tydac.ch/en/mapplus/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000